Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/eef557-0e10-40ce-a48f-ee0603949f93/1/UhwEZguUPG_muwC9wsMRXnxaARg.roa
File:                     UhwEZguUPG_muwC9wsMRXnxaARg.roa (raw, json)
Hash identifier:          bl6dR/UTlvrWbvDmsMMohVkwxe37NqZ7QoDkbSB6tUs=
Subject key identifier:   52:1C:04:66:0B:94:3C:6F:E6:BB:00:BD:C2:C3:11:5E:7C:5A:01:18
Certificate issuer:       /CN=237f7db033314c473cda194e0df79f1c375da3f4
Certificate serial:       0BC0C1F8
Authority key identifier: 23:7F:7D:B0:33:31:4C:47:3C:DA:19:4E:0D:F7:9F:1C:37:5D:A3:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I399sDMxTEc82hlODfefHDddo_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/eef557-0e10-40ce-a48f-ee0603949f93/1/UhwEZguUPG_muwC9wsMRXnxaARg.roa
Signing time:             Wed 16 Feb 2022 08:33:11 +0000
ROA not before:           Wed 16 Feb 2022 08:33:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6453
IP address blocks:        91.140.128.0/17 maxlen: 17
                          194.54.192.0/18 maxlen: 18
                          95.175.64.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 197181944 (0xbc0c1f8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237f7db033314c473cda194e0df79f1c375da3f4
        Validity
            Not Before: Feb 16 08:33:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=521c04660b943c6fe6bb00bdc2c3115e7c5a0118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cd:4e:cd:6e:bb:04:7f:6b:ea:0e:e1:65:9f:
                    f8:c3:0a:f5:9c:a5:6e:c8:67:c1:64:ca:4d:e5:3a:
                    c2:74:a0:7f:5f:bc:6b:a0:bf:d5:a9:67:c7:19:bb:
                    0b:22:6e:35:58:bd:e4:28:27:b6:f2:1e:8a:f8:20:
                    65:ae:eb:61:fd:ae:fe:be:8b:14:cb:d0:d4:67:fa:
                    d7:cc:88:42:8d:f2:34:52:59:b9:b8:2d:59:66:f5:
                    c1:85:7a:45:4a:80:c6:52:36:1e:2a:b6:da:d3:24:
                    6b:24:06:c1:24:5f:cc:e2:82:4c:b1:52:26:c4:93:
                    82:64:67:2a:e2:03:97:ac:46:82:68:94:81:d1:54:
                    8c:cc:4a:cf:d2:d9:41:35:39:ba:5d:36:e6:aa:c0:
                    2b:a3:4b:5c:0d:ec:b3:7f:92:0d:27:93:a0:d0:d3:
                    ea:ae:21:f5:19:8e:e5:cb:81:a4:40:76:cc:32:6a:
                    37:7f:bc:20:21:7a:b2:7c:8d:19:20:10:69:3d:da:
                    32:a4:a4:f8:4d:fc:fe:75:2a:ae:f4:23:b8:06:d8:
                    40:41:75:7d:c4:f4:f2:7b:e4:32:9d:f9:15:8a:c9:
                    1b:f4:12:4c:82:b1:ec:cd:64:b7:39:06:42:0b:3a:
                    81:23:d7:ab:19:5e:18:6c:c5:df:1f:ce:aa:4f:aa:
                    1a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1C:04:66:0B:94:3C:6F:E6:BB:00:BD:C2:C3:11:5E:7C:5A:01:18
            X509v3 Authority Key Identifier:
                keyid:23:7F:7D:B0:33:31:4C:47:3C:DA:19:4E:0D:F7:9F:1C:37:5D:A3:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I399sDMxTEc82hlODfefHDddo_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/eef557-0e10-40ce-a48f-ee0603949f93/1/UhwEZguUPG_muwC9wsMRXnxaARg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/eef557-0e10-40ce-a48f-ee0603949f93/1/I399sDMxTEc82hlODfefHDddo_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.140.128.0/17
                  95.175.64.0/19
                  194.54.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         aa:77:9c:2b:4d:6d:79:90:75:26:d9:6a:2e:9b:b5:17:6f:5c:
         a1:c7:dc:94:c9:90:11:27:dc:3f:b1:5f:9c:83:1e:fa:bf:37:
         e6:fe:df:de:87:66:0f:a4:ae:19:d2:ad:93:62:73:93:5b:33:
         21:dd:3d:d0:23:51:4f:7f:85:d6:a2:9e:3b:3b:09:d1:57:f6:
         c2:ce:ed:a1:16:38:39:09:72:a6:09:07:9a:8f:f2:c3:a4:4b:
         99:69:f8:9f:fd:83:e5:7c:36:09:8d:28:71:c3:0a:97:cd:e8:
         88:1b:9a:65:bf:cb:17:18:c8:89:e3:5d:ff:26:95:47:e1:ea:
         a3:a3:70:82:8c:40:5f:a7:7a:4d:05:76:95:63:99:f5:56:8e:
         5a:6c:4d:2a:e4:0b:dc:b3:22:07:cc:24:ce:20:95:22:ee:eb:
         07:67:2f:a4:f2:43:33:53:7a:f7:f7:f3:ac:0e:c3:8f:c7:cd:
         7d:f1:14:58:82:51:bb:0b:14:ca:c0:3b:29:9f:8b:db:81:76:
         94:52:32:e9:ec:47:13:90:ac:b2:c4:49:21:d4:f3:67:30:6a:
         64:eb:a1:36:fe:0d:5f:5b:61:b2:b5:d5:c6:ff:b0:3d:7e:89:
         10:82:1b:ea:b5:08:9e:8f:54:d2:dc:73:9c:75:ff:74:f3:8a:
         38:86:eb:e2
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEC8DB+DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MzdmN2RiMDMzMzE0YzQ3M2NkYTE5NGUwZGY3OWYxYzM3NWRhM2Y0MB4XDTIyMDIx
NjA4MzMxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTIxYzA0NjYwYjk0
M2M2ZmU2YmIwMGJkYzJjMzExNWU3YzVhMDExODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALLNTs1uuwR/a+oO4WWf+MMK9ZylbshnwWTKTeU6wnSgf1+8
a6C/1alnxxm7CyJuNVi95CgntvIeivggZa7rYf2u/r6LFMvQ1Gf618yIQo3yNFJZ
ubgtWWb1wYV6RUqAxlI2Hiq22tMkayQGwSRfzOKCTLFSJsSTgmRnKuIDl6xGgmiU
gdFUjMxKz9LZQTU5ul025qrAK6NLXA3ss3+SDSeToNDT6q4h9RmO5cuBpEB2zDJq
N3+8ICF6snyNGSAQaT3aMqSk+E38/nUqrvQjuAbYQEF1fcT08nvkMp35FYrJG/QS
TIKx7M1ktzkGQgs6gSPXqxleGGzF3x/Oqk+qGoUCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRSHARmC5Q8b+a7AL3CwxFefFoBGDAfBgNVHSMEGDAWgBQjf32wMzFMRzza
GU4N958cN12j9DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0kzOTlzRE14VEVjODJobE9EZmVmSERkZG9fUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODgvZWVmNTU3LTBlMTAtNDBjZS1hNDhmLWVlMDYwMzk0OWY5My8x
L1Vod0VaZ3VVUEdfbXV3Qzl3c01SWG54YUFSZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgv
ZWVmNTU3LTBlMTAtNDBjZS1hNDhmLWVlMDYwMzk0OWY5My8xL0kzOTlzRE14VEVj
ODJobE9EZmVmSERkZG9fUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEB1uMgAMEBV+vQAMEBsI2wDANBgkq
hkiG9w0BAQsFAAOCAQEAqnecK01teZB1JtlqLpu1F29cocfclMmQESfcP7FfnIMe
+r835v7f3odmD6SuGdKtk2Jzk1szId090CNRT3+F1qKeOzsJ0Vf2ws7toRY4OQly
pgkHmo/yw6RLmWn4n/2D5Xw2CY0occMKl83oiBuaZb/LFxjIieNd/yaVR+Hqo6Nw
goxAX6d6TQV2lWOZ9VaOWmxNKuQL3LMiB8wkziCVIu7rB2cvpPJDM1N69/fzrA7D
j8fNffEUWIJRuwsUysA7KZ+L24F2lFIy6exHE5CsssRJIdTzZzBqZOuhNv4NX1th
srXVxv+wPX6JEIIb6rUIno9U0txznHX/dPOKOIbr4g==
-----END CERTIFICATE-----